Search Results for author:
Found 13 papers, 2 papers with code
Game of Trojans: Adaptive Adversaries Against Output-based Trojaned-Model Detectors
We propose and analyze an adaptive adversary that can retrain a Trojaned DNN and is also aware of SOTA output-based Trojaned model detectors.
Double-Dip: Thwarting Label-Only Membership Inference Attacks with Transfer Learning and Randomization
However, the suitability of TL as a solution to reduce vulnerability of overfitted DNNs to privacy attacks is unexplored.
MDTD: A Multi Domain Trojan Detector for Deep Neural Networks
An adversary carrying out a backdoor attack embeds a predefined perturbation called a trigger into a small subset of input samples and trains the DNN such that the presence of the trigger in the input results in an adversary-desired output class.
LDL: A Defense for Label-Based Membership Inference Attacks
Overfitted models have been shown to be susceptible to query-based attacks such as membership inference attacks (MIAs).
Game of Trojans: A Submodular Byzantine Approach
The results show that (i) with Submodular Trojan algorithm, the adversary needs to embed a Trojan trigger into a very small fraction of samples to achieve high accuracy on both Trojan and clean samples, and (ii) the MM Trojan algorithm yields a trained Trojan model that evades detection with probability 1.
Trojan Horse Training for Breaking Defenses against Backdoor Attacks in Deep Learning
We term this category of attacks multi-target backdoor attacks.
Privacy-Preserving Reinforcement Learning Beyond Expectation
Through empirical evaluations, we highlight a privacy-utility tradeoff and demonstrate that the RL agent is able to learn behaviors that are aligned with that of a human user in the same environment in a privacy-preserving manner
Adversarial Profiles: Detecting Out-Distribution & Adversarial Samples in Pre-trained CNNs
Here, we propose a method to detect adversarial and out-distribution examples against a pre-trained CNN without needing to retrain the CNN or needing access to a wide variety of fooling examples.
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks
Using MNIST and CIFAR-10, we empirically verify the ability of our ensemble to detect a large portion of well-known black-box adversarial examples, which leads to a significant reduction in the risk rate of adversaries, at the expense of a small increase in the risk rate of clean samples.
Toward Metrics for Differentiating Out-of-Distribution Sets
We empirically verify that the most protective OOD sets -- selected according to our metrics -- lead to A-CNNs with significantly lower generalization errors than the A-CNNs trained on the least protective ones.
Controlling Over-generalization and its Effect on Adversarial Examples Detection and Generation
As an appropriate training set for the extra class, we introduce two resources that are computationally efficient to obtain: a representative natural out-distribution set and interpolated in-distribution samples.
Controlling Over-generalization and its Effect on Adversarial Examples Generation and Detection
As an appropriate training set for the extra class, we introduce two resources that are computationally efficient to obtain: a representative natural out-distribution set and interpolated in-distribution samples.
Towards Dependable Deep Convolutional Neural Networks (CNNs) with Out-distribution Learning
Detection and rejection of adversarial examples in security sensitive and safety-critical systems using deep CNNs is essential.
